The European Data Protection Board (EDPB) has adopted Guidelines 02/2024 (Version 2.0) on Article 48 of the GDPR. The purpose of these guidelines is to clarify the rationale and objective of Article 48 GDPR, including its interaction with the other provisions of Chapter V of the GDPR, and to provide practical recommendations for controllers and processors in the EU that may receive requests from third country authorities to disclose or transfer personal data.
Key points from the guidance:
Reinforces the two-step compliance test: legal basis under Article 6 GDPR and transfer conditions under Chapter V.
Outlines scenarios in which disclosures to non-EU authorities do or do not constitute lawful transfers.
Emphasizes that even voluntary responses to such requests must be treated as international data transfers.
Provides practical steps and conditions under which such transfers may be legally justified or denied.
The document can be accessed from the following link: https://lnkd.in/epDRx4pZ